That is scary in its own right, in a different way. That is the sort of dismal problem that is far too common.
I would find it somewhat comforting, though, if the widespread exploits were the product of an ignored bug. The reports of widespread exploitation started soon after this announcement. That someone might have gone from 0** to widely-deployed exploit in a few hours is something I find scarier than another case of an ignored bugfix.
**Well, "baseline to 100." It's sensible to assume that whoever did it had a pre-existing codebase and similar SQL injection code to work off.
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
(no subject)
Date: 2014-10-30 09:26 pm (UTC)I would find it somewhat comforting, though, if the widespread exploits were the product of an ignored bug. The reports of widespread exploitation started soon after this announcement. That someone might have gone from 0** to widely-deployed exploit in a few hours is something I find scarier than another case of an ignored bugfix.
**Well, "baseline to 100." It's sensible to assume that whoever did it had a pre-existing codebase and similar SQL injection code to work off.